You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Any ideas of how or where to go to get a hijack this log looked at and advice. I have removed a malware or several and they keep coming back? Any advice would be appreciated- as a new business I really need help and will be glad to help anyone I could in return with any real estate issues?? I attached it below- from hijack this.

BC AdBot (Login to Remove)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum CARE101My name is Richie and i'll be helping you to fix your problems.

I don't see anything at all malicious in your log,lets try the following:

Clear your 'System Restore' points by doing the following: Right-click on 'My Computer' and select 'Properties'. Select 'System Restore'. Select 'Turn Off System Restore On All Drives'. Select 'Apply'. You will then get the following warning:"You have chosen to turn off System Restore.If you continue,all existing restore points will be deleted,and you will not be able to track or undo changes to your computer.Do you want to turn off System Restore?".Then select 'Yes',your 'System Restore' directories will be purged.

Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.

If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

----------------------------------------------

Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktopClose any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log.

*Note*Post all replies directly into this topic,not as attachments,thanks.

I have attached both logs and you should know that while teh scans were running- spybot cetected 8 or 9 attempts to change my registry- during both scans.

What ever this is- I get infected files and exe files that say as an example- KillWind.exe or HPSummer2005.exe and many more- shell ext. I have seen many trojans. I had a paid deal with trend micro and it did not even detect them- then tried every scanner and trial you can think of- none worked- Kaspersky detected a few and I found the file and deleted. I have done a complete system recovery 3 times and this keeps coming back- I used to see the files on hijack this but it is like the trojan or whatever is learning or I have not found it and it continues to open the door for more nasty things.

I wanted to wait a bit and see what happens- teh screen still gets little static looking things going on as before when something was changing my registry and it is getting slower and slower again. I am still concerned, my computer was fast before as I have a 16 meg connection. Any thoughts??

ehtray.exe is a process in the tray bar process for the Microsoft Media Center. It gives you easy access to the digital media manager.

Download KillBox,unzip/extract it to your desktop.http://download.bleepingcomputer.com/spyware/KillBox.exeStart up Killbox and place a check in 'Delete on Reboot'.In the 'Full path of file to delete' box,copy and paste:C:\Documents and Settings\Owner\g2mdlhlpx.exeThen press the red button with the white cross.It will then provide a window for you to confirm the delete.Next it will ask if you now wish to reboot,select YES.Allow it to reboot.If it does'nt reboot automatically,reboot manually.

---------------------------------------------------------

Run 'BitDefender Online Scanner' using Internet Explorer:http://www.bitdefender.com/scan8/ie.htmlRead the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.You'll be prompted to install the activex control,please do so.Once installed,disable your current antivirus program,then click the 'Click here to scan' button.The virus signatures will then load.Once loaded the scan will start.The scan will take quite some time so please be patient.Once the scan has finished select the 'Detected Problems' tab.Click on 'Click here to export scan'.Save the file as an HTML file to your desktop.Then click on the saved file and allow it to open with your browser.Go to 'Edit'/'Select All' then copy and paste that log into your next reply.*Note*Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log.Let me know how your pc is running now.

after I said no to allowing the delete file- 10 other thinsg came up that wanted to add or delete- shells, new winlogin, new search assistants, etc. I said no to all- this has been happeneing at least once per week.